Sunday, November 4, 2012

Last month we moved our forum to a new server when the DDoS incident occurred. We specifically ordered the server to be set up with a RAID array. RAID (redundant array of independent disks) is a storage technology that combines multiple disk drive components into a logical unit.* This technology protects our files in case one of the drives fails, preventing loss of data, and gives us more time to change the failing drive. Unfortunately they did not set up the drives in RAID and we only learned about this when the drive we are using failed tonight. After the drive failed our database immediately stopped working. We are now trying to recover the files onto a new drive. The retrieval process could take as long as 24 hours. I know that is a very long time but we have no other option. Let's just hope that no important data is destroyed.

Thanks for your patience. :)

In the meantime you can visit our Facebook page if you want to chat with other PINOYDEN members.

Wednesday, October 31, 2012

In this How-To we're going to walk you through changing the default SSH port on a Linux system.

The Secure Shell (SSH) Protocol uses port 22 by default. Accepting this value does not make your system insecure, nor will changing the port provide a significant improvement in security. However, changing the default SSH port will stop many automated attacks and make it a bit harder to guess which port SSH is accessible from. In other words, a little security through obscurity.

Steps to follow

Step 2: Edit the line which states 'Port 22'. But before doing so, you'll want to read the note below. Choose an appropriate port, also making sure it is not currently used on the system.

# What ports, IPs and protocols we listen for
Port 50683

Note: The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. It is good practice to follow their port assignment guidelines. Having said that, port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023 and SHOULD NOT be used. Registered Ports are those from 1024 through 49151 and should also be avoided. Dynamic and/or Private Ports are those from 49152 through 65535 and can be used. Though nothing is stopping you from using reserved port numbers, our suggestion may help avoid technical issues with port allocation in the future.

Step 3: Switch over to the new port by restarting SSH.

/etc/init.d/ssh restart

Step 4: Verify SSH is listening on the new port by connecting to it. Note how the port number now needs to be declared.

ssh username@hostname.com -p 50683

Note: If you have a firewall installed on your system, make sure to also open the port you want to use in the firewall to prevent yourself from getting locked out of the system.
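A pre-flight check for Step 2, as an added example that is not part of the original post: it confirms that a candidate port is in the 49152-65535 range and not already listening, then rewrites the Port line in a scratch copy of the config. The function names, the listener table and the sample config are constructed for illustration; on a real host the listener text would come from `ss -tln` and the file would be /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for Step 2.

# Succeeds only if $1 is an integer in the Dynamic/Private range 49152-65535.
valid_private_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 49152 ] && [ "$1" -le 65535 ]
}

# Succeeds if port $1 is already a listener in $2 (text shaped like `ss -tln`).
port_in_use() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) hit = 1 }
        END { exit hit ? 0 : 1 }'
}

# Rewrites the first Port directive (active or commented out) in config file
# $2 to port $1, keeping the original as $2.bak. Refuses out-of-range ports.
set_ssh_port() {
    valid_private_port "$1" || { echo "refusing port '$1'" >&2; return 1; }
    cp "$2" "$2.bak" || return 1
    awk -v p="$1" '
        !done && /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/ { print "Port " p; done = 1; next }
        { print }
        END { if (!done) print "Port " p }' "$2.bak" > "$2"
}

# Constructed sample data: a listener table shaped like `ss -tln` output.
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

demo() {
    conf=$(mktemp) || return 1   # scratch file, not the live sshd_config
    printf '%s\n' '# What ports, IPs and protocols we listen for' 'Port 22' \
        'PermitRootLogin no' > "$conf"
    if port_in_use 50683 "$SAMPLE_LISTENERS"; then
        echo "50683 is taken" >&2
    else
        set_ssh_port 50683 "$conf" && grep -n '^Port' "$conf"
    fi
    rm -f "$conf" "$conf.bak"
}
demo
```

Before the restart in Step 3, `sshd -t` checks the edited configuration for syntax errors, and keeping the current SSH session open until the Step 4 login succeeds leaves a way back in.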

The RSS column tells you the amount of non-swapped physical memory the process is using in KB. At least that is the theory. Often parts of physical memory are shared between processes so the numbers don’t always add up. In fact most processes use shared libraries that are only loaded into memory once and shared among all processes that use them. To find out the amount of non-shared memory a process is using you use this command:

We checked the server and found out that we are getting a lot of port scan attempts on our server. I ignored it because we normally get a lot of these on some of our servers. But I was getting suspicious because we detected many IP addresses coming from Bayantel 210.4.15.xxx.

Should I follow up the IP addresses to find out who is using them at the time when the UDP packets were sent? Maybe we can identify who it is.

Nope, that would be just a waste of time. I was working on DroidVPN with the new design at that time, so I just focused on the new GUI of the app rather than investigating.

I temporarily redirected the server to a temporary server to show the maintenance page. That's when I found out that the server was being DDoSed because the temporary server started to become sluggish after redirecting our domain.

We were not able to use Cloudflare's service since the main server is already null routed. Aside from that, Cloudflare cannot actually offer you true DDoS protection, especially if the attacker knows what he's doing. It is actually very easy to bypass Cloudflare